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Sir: 

ARGUMENTS IN SUPPORT OF APPLICANTS^ 
PRE- APPEAL BRIEF REQUEST FOR REVIEW 
This paper is submitted with the applicants' Notice of Appeal and Pre-Appeal Brief Request 

for Review in response to the Office action made Final dated August 18, 2006. 



Status of the Application 
Claims 1-32 arc pending. Claims 1, 23-29 and 31-32 stand rejected under 35 U.S.C. §l03(a) 
as being obvious over U-S. Pat. App. Pub. No. 2003/0018913 to Brezak et aL (hereinafter *Brexak') 
in view of U.S. Pat. No, 5,535,276 to Ganesan (hereineifter 'Ganesan'). Additionally, claims 2, 3, 5, 
7-1 1, 14, 15 and 30 stand rejected under 35 U.S.C. §103 a being unpatentable over Brezak in view 
of Ganesan and further in view of U.S. Pat. No. 6,829,356 to Ford (hereinafter Tord*). Still 
further, claims 4, 6, 12, 13 and 20 stand rqected under 35 U.S.C. §1 03 a being unpatentable over 
Brezak in view of the Ganesan, Ford and further in view of "Applied Cryptography" by Schneier 
(hereinafter 'Sdmeier')- Still further, claims 16-19 and 21-22 stand rejected under 35 U.S.C. §1 03 
a being unpatentable over Brezak in view of Ganesan, Ford and further in view of "Handbook of 
Applied Cryptography by Menezes et al, (hereinafter "Menezes*). 
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The Art of recx)rd Fails to Establish a Prima Facie Case of Obviousness 

The applicants assert that the art of record fails to establish a prima facie case of 

obviousness because the prior art references, even when combined, fail to teach or suggest all the 

claim hmitations^ For example. Claim 1 recites in pertinent part; 

obtaining a common nonce associated with each of the plurality of servers 
from an entity other than the client or the plurality of servers; 
providing the common nonce to tlie client; 

receiving the common nonce signed by the client at the middle-tier server; 

and 

providing the signed conunon nonce to the plurality of servers as a signature 
for transactions so as to authenticate the client to the plurality of serven>. 

The Office Action asserts that Brezak discloses all of the recitations of Claim 1 with the 
exception of receiving the common nonce signed by the client at the middle-tier server", which 
the Office Action asserts is disclosed by Ganesan^. In support of this position, tlie Examiner 
attempts to read the claimed common nonce associated with each of the plurality of servers from 
ail entity other than the client or the plurality of servers" onto the '"privilege attribute certificate" 
(PAC) disclosed by Brezak^. Contrary to the Examiner's conclusion, it is the applicants' position 
that, when reading claim \ as a wkole^ Rrezak can not teach or suggest this claim element. 

A 'privilege attribute certificate" (PAC) 404 as tau^t by Brezak'*, includes delegation 
information such as a "component identity information" field and an "access restriction 
information" field. The component identity information field stores a history of servers that request 
a service ticket on behalf of the client. The access restriction information selectively identifies 
certain servers/services that client has either directly, or indirectly designated as allowing the first 
scrvei- to delegate to'\ Thus, the PAC is a set of data fields maintained by a trusted third party for 
tracking the history and access restrictions of requests for service tickets on behalf of a client and is 
not a common nonce associated with each of the plurality of servers. 



' See for Example, the M.P.E.?- §706.02(j). 

- Sec Office Action mailed 08/18/2006. suirting at Page 3, line 17 to Page 4, line 5. 

- See Office Action mailed 08/1 8/2006, Pages 2-3. 
'* Sec Fig. 4 of Brezak 
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Even assuming arguendo, that the PAC can be treated as a common nonee associated with 
each of the plurality of servers, (which the applicants strongly urge it cannot), Brezak still fails to 
teach or suggest that the PAC, which is provided to the client is also provided to the plurality of 
servers as a signature for transactions so as to authenticate die client to the plurality of servers, as 
claimed. In Brezak, several layers of transactions separate die PAC received by the client from the 
PAC communicated to the back-end servers. In order to see this, it is important to understand the 
transaction method utilizes by Brezak. 

As disclosed in Brezak, in order for a client 202 to access Server A, the client 202 and 
Server A each first obtain a 'Ticket Granting Ticket" (TGT) from a trusted tliird party 
authentication service 206*^. The client then sends a ticket granting service request message to the 
authentication service 206. The authentication service replies to the client 202 with a message 226 
that includes a client service ticket, which is associated with both the client 202 and Server A. This 
ticket may include a first PAC as described alxive. Before initiating a communication session, the 
client sends this service ticket to Server A^. In the disclosed example in Brezak, it is assumed that 
Server A needs to access Server C on behalf of the client 202**. Thus, Server A sends its own ticket 
granting service request message to the third party authentication service 206. 'I'he request by 
Server A includes Server A's previously obtained Ticket Granting Ticket, the client's service ticket 
(which may include a first PAC) and the identity of the target server (Server C in tliis example)^ 

The authentication service 206 checks to see if the client 202 has authorized delegation in 
response to receiving the ticket granting service message from Server A. If the authentication 
service 206 detenmines that it is okay to delegate, it replies to Server A with a reply message that 
includes a new service ticket for Server A. The reply message may also provide client account data 
in the form of a second PAC, There are two possible sources of the PAC information in Server A *s 
service ticket. The PAC may be derived by the third party authentication service, e,g„ from an 



^ Sec Brezak U-S. Pat Pub. No. 2003/0018913, paragrapb* 50-52. 
^ SeeBrerak^U.S. Pat. Pub. No. 2003/0018913, paragraph 42. 

See Brezak, U.S. Pat Pub. No. 2003/0018913. paragraph 43- 
^ Sec Brezak. U.S. Pat Pub. No. 2003/0018913, paragraph 44. 

See Brezak, U.S. Pat Pub. No. 2003/001891 3. paragraph 44. 
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authentication database 208, or the authentication service may simply copy relevant PAC data from 
the client's seivice ticket if that ticket included the first PAC^^ The relevant transactions in Brezak 
arc seen in the illustration presented below. 

Client 



Client Service 
Tickei xv/PAC 1 















Server A TGT 










Client Service Ticket 




Sei'ver Service 




w/ PAC 1 




Ticket w/ PAC 2 




Server C 










T 






F 


Server A [ 

1 



Thus, contrary to the Examiner*? arguments^\ Brezak cannot teach or suggest ..providing 
the signed common nonce to the plurality of servers as a signature for transactions so as to 
authenticate the client to the plurality of servers". TTiis can be seen because the client's service 
ticket (including the first PAC in the client service ticket, if present) never makes it to the back-end 
server, e.g„ server C. Rather, the PAC in the client service ticket is used as a tool by Server A to 
request its own service ticket, which may include a second PAC, which is used to request yet 
another ticket in the delegation/transaction with the Server C^^ on behalf of the client 202, 

Gamsan is Nat Combinable With Brezak Asi Suggested By The Examiner 
The Examiner acknowledges that Brezak does not disclose the client signing a common 
nonce. However, the Examiner argues thai Ganesan teaches that in a ticketing system, to protect 
against dictionary attacks, die ticket should be encrypted by the ticket granting system with the key 
shared between the server to be accessed and the ticket granting server^ 

See Brezak. U.S. Pat. Pub, No. 2003/0018913. pai-asraplis 45^9. 
" See Office Action mailed 0&/1 8/2006, Page 3, lines 23-25. 
12 Brezak, U.S. Pat. Pub. No. 2003/0018913, paragraph 55, 

See Office Action mailed 08/18/2006. Page 4, lines 1-1 1. 
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Gancsan is directed to split private key asymmetric cryptography, where a message, 
including a ticket to access a server 50, is encrypted/signed and then verified to authenticate a client 
1 0 to a server 50*"*. Accordingly, even Ganesan fails to teach or suggest . .providing the common 
nonce to the client" where the common nonce is . . associated with each of the plurality of servers 
from an entity other than the client or the plurality of servers" as claimed. 

Regardless, if one were to try to employ the teachings of Ganesan as the Examiner suggests, 
the combination still fails to teach or suggest , .providing the signed common nonce to the 
plurality of servers as a sigoatui'e for transactions so as to authenticate the client to the plurality of 
servers" as claimed because Server A merely forwards the client'^ service ticket (signed or not) 
with a first PAC to the authentication service 206^^ and receives a new service ticket with a different 
PAC from the authentication service 206, which is used to implement additional transactions, e.g., 
with Server C, as described above 

Conclusion 

Accordingly, when considering claim 1 as a whole, the prior art references, whether taken 
singly or in combination, fail to teach or suggest all of the claimed limitations. As such, no prima 
facie c^c of obviousness has been established. Accordingly, the applicants respectfiiUy request that 
claim 1 and the claims that depend there from, be withdrawn. Claims 26-28, 31, and 32 similarly 
recite such a common nonce, and arc thus patentable for similar reasons. Also, dependent claims 2- 
22 and 30 are patentable at least per the patentability of Clauns 1 and 28 from which they 
respectively depend. 

Respectfully submitted, 
Stevens & Show^ltcr, L,L.F^ 
By 

Thomas E. Lees*^ * 46,867 




See Ganesan, U.S. Pat No. 5,532^276, Col. 5, lines 34-56 and Col. 15, lines 45-60. 
See Brezak, U.S. Pai. Pub. No. 2003/0018913, paragraph 45. 
Sec Brezak, U.S. Pat Pub. No. 2003/0018913, paragraph 48. 
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